Experimental Analysis of SPF Based Secure Web Application

Abstract

In this paper we will propose model driven software development and Security Performance Framework (SPF) Model to maintain the balance between security and performance for web applications. We propose that all security in a Trusted Operating System is not necessary. Some non-essential security checks can be skipped to increase system performance. These non essential security checks can be identified in any web application. For implementation of this Security Performance framework based trusted operating system, we propose object oriented based Code generation through forward engineering. This involves generating source code of web application from one or more Object oriented Rational Rose model. The novel integration of security engineering with model-driven software expansion approach has varied advantages. To maintain security in various applications like Ecommerce, Banking, Marketplace services, Advertising, Auctions, Comparison shopping, Mobile commerce Payment, Ticketing, Online insurance policy management, we have to use high secured operating systems. In this regard a number of trusted operating systems like Argus, Trusted Solaris, and Virtual Vault have been developed by various companies to handle the increasing need of security. Due to high security reason these operating systems are being used in defense. But still these secure operating systems have limited scope in commercial sector due to lower performance; actually this security will come at a cost. This paper analyzes UML-based software development solutions for SPF to manage the security, performance and modeling for web applications.